Posts tagged openssl

Last month Google said that it was tired of mashed-together bug fixes for OpenSSL and decided to create its own fork called BoringSSL. It has now implemented that variant in the latest Chromium build, the open-source software that eventually arrives in Chrome. OpenSSL is software used for secure c...

The world hasn't yet recovered from the Heartbleed vulnerability in OpenSSL and now there's news of a new bug affecting the popular open-source security package. This recently announced, and already patched, exploit could allow an attacker to see and modify traffic between an OpenSSL client and an...

​Looking for a positive take to cut though all the negative press that Heartbleed has been getting? Then the Open Source Initiative (OSI) has one. The news has been full of stories about the exploit in OpenSSL (itself, an open-source project) that has caused a wave of panic around the internet. Wi...

Bad news if you're relying on the Tor network to evade surveillance or otherwise remain anonymous: you're not immune from the Heartbleed bug, either. Key developer Roger Dingledine warns that some Tor nodes are running encryption software that's vulnerable to the flaw, and that they may have to be...

The United States National Security Agency may or may not have known about the security vulnerability known as "Heartbleed," but now that it's a widely publicized issue, the agency has some safety suggestions. Sure, you've probably heard all this before, but bear with us.
First and foremost, webs...

Many already thought that the "Heartbleed" security flaw in OpenSSL could be used to steal SSL keys from a server, but now there's proof. This is important because if someone stole the private decryption key to servers used by any of the many web services that used OpenSSL, then they could spy on...

The United States National Security Security Agency reportedly used the recently uncovered "Heartbleed" security exploit to access information, Bloomberg reports. According to two unnamed sources, the NSA exploited the flawed security standard for the past two years without alerting affected compa...

Read our Heartbleed defense primer? Good, but the fight for your privacy isn't over just yet: you might have to replace your router, too. Cisco Systems and Juniper Networks have announced that the Heartbleed bug -- a flaw in OpenSSL that lets attackers bypass common security protocols -- has been...

Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least in...

It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get some the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world.
You can listen to today's Apple stories by clicking the player at the top of...

Now that we know about the Heartbleed bug that allows access to sensitive internet data usually locked down by OpenSSL encryption, Google is of course one of the internet services hard at work applying fixes. The folks in Mountain View announced today that main services like Apps, App Engine, Gmai...